7 matches found
CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...
Linux Distros Unpatched Vulnerability : CVE-2022-31022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pav...
CVE-2022-31022 vulnerabilities
Vulnerabilities for packages: grafana, mattermost-fips, gitea, mattermost, gitea-fips, gitness...
CVE-2022-31022 vulnerabilities
Vulnerabilities for packages: gitness, gitea...
CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...
CVE-2022-31022
This CVE affects Bleve’s http package (bleve/http) used by its sample app. The CreateIndexHandler and DeleteIndexHandler allowed a user with server write access to create a new index directory and recursively delete directories owned by the same user, potentially exposing local filesystem risk. V...
CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...